Conceptual Framework of an Information for Emergency Management for Higher Education in Thai Supply Chain

The objective of research were to develop conceptual framework of an information for emergency management for higher education in Thai supply chain and to evaluate conceptual framework of an information for emergency management for higher education in Thai supply chain. The research sample totalling ten experts consisted of five experts on supply chain , five experts on information system. All of expert must have educational qualification at the doctoral degree level, and must have more than more than four years of work experience The research tool was questionnaire assessing the suitability about conceptual framework of an information for emergency management for higher education in Thai supply chain comprises five elements namely main components suppliers, University, Good service and security, Customers. The data analysed by using arithmetic mean and standard deviation. The assessment about conceptual framework of an information for emergency management for higher education in Thai supply chain using Black-Box technique. The overall model evaluation result was validated at a “Good” level, suggesting that conceptual framework of an information for emergency management for higher education in Thai supply chain aims to support sustainable information system development

Conceptual framework on information security risk management in information technology outsourcing / Nik Zulkarnaen Khidzir, Noor Habibah Arshad and Azlinah Mohamed

Data security and protection are seriously considered as information security risk for information asset in IT outsourcing (ITO). Therefore, risk management and analysis for security management is an approach to determine which security controls are appropriate and cost effective to be implemented across organization for ITO to secure data/information asset. However, previous established approach does not extensively focus into information security risk in ITO. For that reason, a conceptual framework on information security risk management in IT outsourcing (ISRM-ITO) will be introduced throughout this paper. An extensive amount of literature review on fundamental concepts, theoretical background and previous findings on information security risk management and ITO had been conducted. Throughout the review, theoretical foundation and the process that lead to success in managing information security risk ITO were identified and these findings become a key component in developing the conceptual framework. ISRM-ITO conceptual framework consists of two layers. The first layer concentrates on information security risks identification and analysis before the decision is made to outsource it. The second layer will cover the approach of information security risk management which is used to analyze, mitigate and monitor risks for the rest of the ITO lifecycle. Proposed conceptual framework could improve organization practices in information security study for IT outsourcing through the adoption of risk management approach. Finally, an approach to determine a cost effective security control for information security risk can be implemented successfully in the ITO cycle

Public Finance, Security, and Development: A Framework and an Application to Afghanistan

Security is increasingly viewed as a key condition for economic growth and development. The authors argue that the work and impact of all development partners would be enhanced if the multiple linkages between public finance, security, and development were explicitly taken into account. At the extreme, in some cases better public finance management could have more impact on security than would more troops. The paper first outlines three core linkages between security and development--through the investment climate, human and social capital, and institutions. The authors then propose three complementary tools to analyze the security sector from the point of view of public finance management, service delivery, and governance. This conceptual framework is applied to the case of Afghanistan. The paper closes by drawing some conclusions about possible entry points for dialogue in this difficult area.access to education; access to employment; access to information; access to resources; accountability; accounting; adverse consequences; adverse effects; affordability; Aid Effectiveness;

Roadmap to Information Security: Theoretical study about information security with the views of practitioners

Information security is one of the hottest topics today, and we get to read and hear various stories in the media about how information security has failed in some companies. It has become an important function in companies. A revolution is underway in Finnish industry, in which digitalization, such as the Internet of Things, is being used increasingly in manufacturing processes. With this change, the connectivity between devices will increase and at the same time the communication will increase, and this will create new challenges into information security. This study provides a theoretical framework for creating a road map for better information security. The research remains at a conceptual and analytical level and has a management perspective. The work presents the views of practitioners and the SABSA® model, which is less well-known among practitioners. The theory part deals with the key concepts of information security for this work. Its purpose is to create a theoretical framework and road map for better information security. The key concepts of information security in this work are, classical definition based on data value, extended definition of information security, classification of information security sensitivity, classification of information security components, information security strategy, information security policy, standards, procedures and practices, risk management, information security controls, information security management, information security architecture, information security management and culture. The theory section also reviews the different project management methods from an information security perspective and reviews the differences between waterfall and agile methods. In addition, the theory section provides a separate overview of different information security standards, frameworks, and best practices. The theoretical framework was formed as a literature study and the empirical part consists of the transcripts of the main parts of the interviews and the road map generated from the theoretical framework. The aim of the interview was to seek improvements and to review the road map and to identify the challenges it may faces when implementing it. There are standards, frameworks, and best practices for managing and implementing infor-mation security, and these are the essential tools needed to implement and maintain infor-mation security. With these conceptual frameworks, such as SABSA, ISO 27000, NIST SP8000, and COBIT, it is possible to implement information security holistically in an organization. The different methods of project management are the methods which are used to implement these conceptual frameworks, standards, and best practices for information security into the organization.Tietoturvallisuus on tänä päivänä ehkäpä yksi kuumimmista aiheista ja saamme lukea ja kuulla mediasta erilaisia tarinoita siitä, kuinka tietoturva on pettänyt joissakin yrityksissä. Siitä on tullut yksi erittäin tärkeä toiminto yrityksissä, vaikka yritys itsessään ei tietoturva alalla toimisikaan. Suomalaisessa teollisuudessa on käynnissä vallankumous, jossa valmistusprosesseissa aletaan hyödyntämään digitalisointia, kuten esimerkiksi asioiden internettiä, aiempaa enemmän. Tämän muutoksen myötä liitettävyys laitteiden välillä kasvaa ja samalla tietoliikenne lisääntyy ja tämä osaltaan luo uusia haasteita tietoturvallisuuteen. Tässä tutkimuksessa luodaan teoreettinen viitekehys tiekartan luomiseksi parempaan tietoturvallisuuteen. Tutkimus pysyttelee käsitteellisellä ja analyyttisella tasolla ja siinä on johtamisen näkökulma. Työssä esitellään käytännönharjoittajien näkökantoja sekä SABSA® malli, joka on vähemmän tunnettu käytännönharjoittajien keskuudessa. Teoria osuudessa käsitellään tämän työn kannalta tietoturvallisuuden keskeisimpiä käsitteitä. Sen tarkoituksena on luoda teoreettinen viitekehys, jonka pohjalta rakennetaan tiekartta parempaan tietoturvallisuuteen. Keskeisiä tietoturvallisuuden käsitteitä tässä työssä on, klassinen tiedon arvoon perustuva määritelmä, laajennettu tietoturvallisuuden määritelmä, tietoturvallisuuden arkaluontoisuuden luokittelu, tietoturvallisuuden osa-alueiden luokittelu, tietoturvallisuus strategia, tietoturvallisuus politiikka, standardit, menettelyt ja käytännöt, riskienhallinta, tietoturvallisuuden kontrollit, tietoturvallisuuden hallinnointi, tietoturvallisuuden arkkitehtuuri, tietoturvallisuuden johtaminen ja kulttuuri. Teoria osuudessa tehdään katsaus myös projektien eri hallinta menetelmiin tietoturvallisuuden näkökannalta ja siinä lähinnä käydään läpi niitä eroja, joita vesiputous ja ketterillä menetelmillä on. Lisäksi teoria osuudessa tehdään erikseen katsaus tietoturvallisuuden eri standardeihin, viitekehyksiin ja parhaisiin käytänteisiin. Teoria viitekehys muodostettiin kirjallisuus tutkimuksena ja empiirinen osuus koostuu haastattelujen litteroinneista sekä teoriaviitekehyksestä syntyneestä tiekartasta. Haastattelun avulla pyrittiin hakemaan parannuksia ja tarkistamaan muodostettua tiekarttaa ja löytämään niitä haasteita, joita sitä toteuttaessa kohdataan. Aineistona tässä tutkimuksessa on käytetty alan kirjallisuutta ja tieteellisiä artikkeleita sekä haastattelun tuloksia. Keskeisiä havaintoja tutkimusta tehdessä oli se, että kirjallisuustutkimuksella pystytään muodostamaan tiekartta tietoturvallisuusjärjestelmän toteuttamiseen organisaatioissa. Tietoturvallisuuden johtamiseen ja toteuttamiseen on olemassa standardeja, viitekehyksiä ja parhaita käytänteitä ja juuri nämä ovat niitä olennaisia työkaluja, joita tietoturvallisuuden toteuttamisessa ja ylläpitämisessä tarvitaan. Näillä käsitteellisillä viitekehyksillä, kuten SABSA, ISO 27000, NIST SP8000 ja COBIT on mahdollista toteuttaa kokonaisvaltaisesti organisaation tietoturvallisuus. Projektinhallinnan eri menetelmät ovat niitä menetelmiä, joilla näitä tietoturvallisuuden käsitteellisiä viitekehyksiä, standardeja ja parhaita käytänteitä jalkautetaan organisaatioon

Application Access Control using Enterprise Models

In this paper a framework for a model-driven control of identity management systems is presented. An important issue in today\u27s information systems security discussion addresses the effective authorisation of users. With established conceptual modelling languages the assignment of roles to the identity management software is an enormous organisational effort. To decrease administration costs we propose a direct connection between the identity management system and enterprise models which contain the organisational responsibilities. Therefore, we have created the modelling approach E³+WS available for the meta-CASE tool cubetto toolset and the Novell Identity Manager

The effects of land registration on financial development and economic growth - a theoretical and conceptual framework

The author develops a theoretical framework to guide empirical analysis of how land registration affects financial development and economic growth. Most conceptual approaches investigate the effects of land registration on only one sector, nut land registration is commonly observed to affect not only other sectors but the economy as a whole. The author builds on the well-tested link between secure land ownership and farm productivity, adding to the framework theory about positive information and transaction costs. To map the relationship between land registration and financial development and economic growth, the framework links: 1) Land tenure security and investment incentives. 2) Land title, collateral, and credit. 3) Land markets, transactions, and efficiency. 4) Labor mobility and efficiency. 5) Land liquidity, deposit mobilization, and investment. Empirical results from applying the framework to a single case study - of Thailand, described in a separate paper - suggest that the framework is sound.Labor Policies,Environmental Economics&Policies,Banks&Banking Reform,Economic Theory&Research,Payment Systems&Infrastructure,Economic Theory&Research,Municipal Financial Management,Rural Land Policies for Poverty Reduction,Environmental Economics&Policies,Banks&Banking Reform

Semantic Information Assurance for Secure Distributed Knowledge Management: A Business Process Perspective

Secure knowledge management for eBusiness processes that span multiple organizations requires intraorganizational and interorganizational perspectives on security and access control issues. There is paucity in research on information assurance of distributed interorganizational eBusiness processes from a business process perspective. This paper presents a framework for secure semantic eBusiness processes integrating three streams of research, namely: 1) eBusiness processes; 2) information assurance; and 3) semantic technology. This paper presents the conceptualization and analysis of a secure semantic eBusiness process framework and architecture, and provides a holistic view of a secure interorganizational semantic eBusiness process. This paper fills a gap in the existing literature by extending role-based access control models for eBusiness processes that are done by using ontological analysis and semantic Web technologies to develop a framework for computationally feasible secure eBusiness process knowledge representations. An integrated secure eBusiness process approach is needed to provide a unifying conceptual framework to understand the issues surrounding access control over distributed information and knowledge resources

Capacity Building In Information And Communication Management (ICM) Towards Food Security

This paper addresses capacity strengthening needs in the area of ICM to support food security initiatives. It fully acknowledges that FS is a state of assuring physical availability and economic accessibility to enough food in terms of quantity (amount, distribution, calories), quality (safe, nutritious, balanced) and cultural acceptability for all people at all times for a healthy and active life. It starts by outlining how ICM can support strategies to ensure availability, access, acceptability, adequacy, and agency and it highlights key information needs in each case. A FS Information and Communication Web is developed basing on a generic conceptual framework of determinants of food security. The web delineates information needs that would support strategies to ensure adequacy of food, stability of supply, and access – physical and economical. The paper then articulates capacity strengthening needs in line with the three dimensions or levels of food security: national, community and household. Four case studies: (i) Uganda’s ICT policy and Food Security (ii) Human Resources needs at community level drawing experiences from Africa and Asia (iii) HR Capacity Development Needs in Africa by the IMF (iv) Audio visual and farmer skills in Mali – serve to demonstrate grassroots ICM applications that support food security initiatives, and in each case it points to theme specific capacity strengthening needs. The studies, as a result, demonstrate how enhanced ICM capacity can support food security through: developing suitable ICT policies, empowering communities with ICM knowledge, improving development planning, enhancing agricultural productivity, supporting marketing systems, improving natural resources management and conservation, and through effective execution of early warning systems – all having implications for food security. The paper concludes by presenting a summary of capacity strengthening needs. These range from sensitization of regional and national policy makers, down to technical skills required by data collectors, analysts and information generators, knowledge disseminators and also knowledge users. To achieve the above the paper proposes roles that may be played by governments, NGOs, education sector, research and development institutions, regional and international organizations, and CTA.Capacity Building, Food Security, ICM, Tanzania